MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92fc412f66e98677e7c6b5ffcc64756b9f4b8df80a0504387f27d422603c4d10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92fc412f66e98677e7c6b5ffcc64756b9f4b8df80a0504387f27d422603c4d10
SHA3-384 hash: 3c0374cda6e2344f707c8c66be4b8e8e5bf0a70a11afdab3dfc06ddefff52e3ecefd1f1071a8c73cea35ad021188edac
SHA1 hash: e602403752e15c9801bf52f4f3d773bd274a7848
MD5 hash: 830cd503ba61745ffc521620948fcfb2
humanhash: low-texas-montana-pip
File name:DETALLE DE PAGOS EFECTUADOS (DETAIL OF PAYMENTS.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:976'728 bytes
First seen:2020-12-22 06:23:08 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 24576:fMSsm/rBL8gd+DbfDZ8/+J3a//rgDe6SbB2e:fMUrygdMbfD+mRIsDeJ
TLSH E1253384D0FF311A7898B66150E419DEE8B7534F028A534815FD0FDFA6F6A1B6228CDE
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "info <m.triantafillou@mtg.com.gr>" (likely spoofed)
Received: "from mtg.com.gr (unknown [45.137.22.134]) "
Date: "21 Dec 2020 11:30:51 -0800"
Subject: "RE:RV DETALLE DE PAGOS EFECTUADOS (DETAIL OF PAYMENTS)"
Attachment: "DETALLE DE PAGOS EFECTUADOS (DETAIL OF PAYMENTS.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
269
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92fc412f66e98677e7c6b5ffcc64756b9f4b8df80a0504387f27d422603c4d10/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-22 06:23:54 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
16 of 45 (35.56%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sl6ecl3g5gdhpz6gwx74yzdvnopuxdpybicqiod7e7kceyb4juia._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/92fc412f66e98677e7c6b5ffcc64756b9f4b8df80a0504387f27d422603c4d10

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 92fc412f66e98677e7c6b5ffcc64756b9f4b8df80a0504387f27d422603c4d10

(this sample)

AgentTesla

Executable exe 693a680140cf38032355166adb43a1d2a5cf41edc1e2133c866ade425694affe

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 693a680140cf38032355166adb43a1d2a5cf41edc1e2133c866ade425694affe
  
Dropping
AgentTesla

Comments